The Client

Our customer is an online news community, http://www.newsfromfriends.com. Users can get their own personal newspaper, share their thoughts, and address them to specific people.

The Requirements

The customer wanted to make sure their users' privacy and content were adequately secured. A few of their security test requirements are listed below:

SQL injection vulnerability
Cross-site scripting
Business workflow security
Authentication security
Brute force authentication breach testing
Firewall security testing
Web server files security

The Solution

Identification of application input, e.g. files, environment variables, URL parameters, form submissions, config files and the registry, etc.
Identification of application output, e.g. files, environment variables, network traffic, the Windows Registry, console/form, database source
Logical tests: authentication, login, email confirmation, business workflow security, data encryption, etc.

The Technology

PHP
Linux
Apache

Contribution

Breach finding using cross-site scripting and SQL injection
Breach finding using brute-force authentication
Link injection, and breaches allowing access to other users' profiles and their content
Hidden folders and direct file access on the web server
Email security and data encryption security
